Created by Cultura Online
about 3 years ago
What is HIPAA?
Is there a HIPAA law at the state level?
HIPAA Privacy Rule
HIPAA Security Rule
What does HIPAA mean?
What is PHI?
What is Protected Health Information?
What information is not covered by the Privacy Rule?
What does “disclosure” mean?
What does "minimum necessary" mean?
What does the Security Rule cover?
Can the patient's name and room number be included in hospital directories?
Can information about the patient be disclosed to the patient's family or friends, or other healthcare staff involved in their care?
Is permission by the patient required to access patient information related to treatment received and billing for services?
Is it against HIPAA to receive patient information to provide treatment to the patient?
Is it against HIPAA to use patient information for training or accreditation purposes?
What are some examples of information release that requires written authorization from the patient?
Under the Privacy Rule, patients can ask health care providers and staff to contact them in a certain way (e.g. at home as opposed to work).
Under the Privacy Rule, patients have the right to look at and obtain copies of their medical and billing records.
The right to ask for changes to medical and billing records.
What are Business Associates?
What is considered a breach of HIPAA?
The HIPAA Breach Notification Rule requires HIPAA-covered entities and their business associates to notify patients and other parties following a breach of unsecured protected health information (PHI).
What is EPHI?
What is protected EPHI?
EPHI should only be stored on and transmitted to / from devices and locations that have been specifically approved by a designated individual at the covered health care entity.
No network device (e.g. desktop, laptop, printer, network hub and switches, wireless access points, PDAs and portable storage devices) may be connected to any network that provides access to EPHI without prior approval from a designated individual at the covered health care entity.
When an EPHI storage device is no longer in use or has reached the end of its life-cycle, all of the data on the device must be removed and/or destroyed.
All portable devices and media must be approved by a designated individual within the covered health care entity prior to the use of such device or media for storage / transmission of EPHI.
EPHI stored on a laptop, mobile device or other portable media should be encrypted.
A health care provider or health plan may share relevant information if the patient is not present or cannot give permission and, based on professional judgment, sharing the information is in the patient's best interest.
An emergency room doctor may discuss the patient's treatment in front of a friend when the patient asks his/her friend to come into the treatment room.
If the patient does not object, the hospital may discuss the patient's bill with the patient's daughter who has questions about the charges.
The doctor may discuss the medicines the patient takes with the home health aide who is with the patient.
HIPAA allows health care providers to give prescription drugs, medical supplies, x-rays, and other health care items to a family member, friend, or other person you send to pick them up.
You had emergency surgery and are still unconscious. Your surgeon may tell your spouse about your condition, either in person or by phone, while you are unconscious.
A doctor may not tell your friend about a past medical problem that is unrelated to your current condition.
Without patient authorization, the provider generally cannot give your medical information to your employer.
Patient information can be used and shared without permission to protect the public's health, such as by reporting COVID-19 infections to health authorities.
Patient information can be used and shared without permission to make required reports to the police, such as reporting gunshot wounds.
Doctors are required to release medical information even without the patient's written consent when they have concerns that a child or others may be at risk for immediate harm.
Can my health care provider discuss a patient's health information with an interpreter present?
Does the HIPAA Privacy Rule permit a doctor to discuss a patient’s health status, treatment, or payment arrangements with a person who is not married to the patient or is otherwise not recognized as a relative of the patient under applicable law (e.g., state law)?
For more information, please go to this HHS website: